Hi Douglas,
Thanks a lot for your kind help.
On Nov 10, 2011, at 5:12 PM, Douglas E. Engert wrote:
> This has been a very busy thread over night.
>
> As co-author of http://www.ietf.org/rfc/rfc3820.txt and having
> worked on the Globus GSI code from 1996-2004 I would like to make some
> comment
On 11/10/2011 9:12 AM, weizhong qiang wrote:
>
> On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
>
>> On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang
>> wrote:
>>> As I mentioned that I need to use EEC credential to generate a proxy
>>> credential (process is the same as you use CA credential
This has been a very busy thread over night.
As co-author of http://www.ietf.org/rfc/rfc3820.txt and having
worked on the Globus GSI code from 1996-2004 I would like to make some
comments. At the 1998 Supercomputing conference in Orlando, I was issuing
Globus smartcards which could be used with gr
On Thu, Nov 10, 2011 at 5:12 PM, weizhong qiang wrote:
>
> On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
>
>> On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang
>> wrote:
>>> As I mentioned that I need to use EEC credential to generate a proxy
>>> credential (process is the same as you use CA cr
On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
> On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang
> wrote:
>> As I mentioned that I need to use EEC credential to generate a proxy
>> credential (process is the same as you use CA credential to generate a EEC
>> credential).
>> The the generation
On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang wrote:
> As I mentioned that I need to use EEC credential to generate a proxy
> credential (process is the same as you use CA credential to generate a EEC
> credential).
> The the generation step, I need to use X509_sign (int X509_sign(X509 *x,
> EVP
hi,
On Nov 10, 2011, at 2:18 PM, Jan Just Keijser wrote:
> Alon Bar-Lev wrote:
>> On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang
>> wrote:
>>
>>> hi Alon,
>>> Sorry that I make you be confused.
>>>
>>> On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
>>>
>>>
On Thu, Nov 10, 2011 a
hi Alon,
On Nov 10, 2011, at 2:15 PM, Alon Bar-Lev wrote:
> On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang
> wrote:
>> hi Alon,
>> Sorry that I make you be confused.
>>
>> On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
>>
>>> On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang
>>> wrote:
>>>
Alon Bar-Lev wrote:
> On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang
> wrote:
>
>> hi Alon,
>> Sorry that I make you be confused.
>>
>> On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
>>
>>
>>> On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang
>>> wrote:
>>>
> OpenSSL is full
On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang wrote:
> hi Alon,
> Sorry that I make you be confused.
>
> On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
>
>> On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang
>> wrote:
OpenSSL is fully compatible with this approach, having RSA object that
>
hi Alon,
Sorry that I make you be confused.
On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
> On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang
> wrote:
>>> OpenSSL is fully compatible with this approach, having RSA object that
>>> can be used for crypto operation without actually having the pr
On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang wrote:
>> OpenSSL is fully compatible with this approach, having RSA object that
>> can be used for crypto operation without actually having the private
>> key. This is done via the concept of "engine" which delegate the
>> crypto calls to the hardwa
hi Alon,
Thanks for your reply.
On Nov 10, 2011, at 10:42 AM, Alon Bar-Lev wrote:
> Your whole concept is totally wrong.
> If you switch to hardware cryptography, and utilize its advantages,
> you do not have direct access to the private key.
> This what makes hardware cryptography better than s
Your whole concept is totally wrong.
If you switch to hardware cryptography, and utilize its advantages,
you do not have direct access to the private key.
This what makes hardware cryptography better than software only solutions.
OpenSSL is fully compatible with this approach, having RSA object th
hi Jan,
On Nov 10, 2011, at 10:13 AM, Jan Just Keijser wrote:
> Take a look at:
> http://www.metacentrum.cz/en/about/devel/pkcs11.html
> and
> https://lists.strongswan.org/pipermail/users/2007-July/001900.html
Thanks a lot for your information.
>From this link: http://www.metacentrum.cz/en/abo
Take a look at:
http://www.metacentrum.cz/en/about/devel/pkcs11.html
and
https://lists.strongswan.org/pipermail/users/2007-July/001900.html
the basic idea is that you don't extract a private key, but you ask the
nss softtoken to sign a request for you.
HTH,
JJK
weizhong qiang wrote:
> hi A
Hello,
You can't.
pkcs11-helper targets developers who want to use smartcards without
overhead of the actual card management.
Well behaved smartcards should not allow export of private key.
Why do you need the private key anyway?
Alon.
On Thu, Nov 10, 2011 at 3:27 AM, weizhong qiang wrote:
> h
hi Alon,
On Nov 10, 2011, at 8:24 AM, Alon Bar-Lev wrote:
> Hello,
>
> You can't.
> pkcs11-helper targets developers who want to use smartcards without
> overhead of the actual card management.
> Well behaved smartcards should not allow export of private key.
But it seems the pk12util can acco
hi all,
I tried to use pkcs11-helper api to retrieve X509 and private key from nss
softtoken, wit the 1.09 version of pkcs11-helper.
I can get X509 object, but the returned RSA object only includes public key,
rather than private key.
I paste the code as the following.
Could anyone give me some
19 matches
Mail list logo
